Updated OpenSSL packages that correct a security issue and various bugs are
now available for Red Hat Enterprise Linux 4. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this
function and overrun a buffer by a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.